(57) Abstract

User verification for transactions in which the user has a transaction card (10) and his own card reader (12) is provided by assigning
to the card and the reader both a public and a secret number. A one-way encoding function is used to encode the secret numbers, and
the public numbers are used at the provider end to elicit corresponding secret numbers from separately located databases (18, 20). The
corresponding secret numbers are encoded using the same one-way function at the provider end and if the result is the same as that
performed at the sending end then the user is positively identified. The two databases are kept apart so that no single location can be hacked
into to reveal enough information for the system to be successfully abused.

Transaction Card Security System

Field Of The Invention 
The present invention relates to security systems for transaction cards, including 
smart cards and magnetic strip cards. 

Background Of The Invention 
Transaction cards are widely used for making purchases and for obtaining cash and 
credit, and it has long been a preoccupation with card providers to provide security 
against theft for such cards. Recently there has been a growing tendency to use cards of 
this type in transactions made over the telephone or the internet or like unsecured public 
networks. In many cases transactions over the telephone are made verbally and involve 
the card owner reading out the serial number printed on the card. In other cases 
transactions over the telephone are carried out using the numerical keys of the telephone, 
a computer at the receiving end being adapted to recognize the tones associated with 
each numerical key. In neither case is any security provided, and the card holder is 
vulnerable should anyone be eavesdropping on the communication. However in such 
transactions no security is possible because the transaction is made directly between the 
two parties and thus no secret information can be used. 

It is therefore desirable to use a system of authorizing transactions between two
parties, whether made over the telephone, or the internet or like unsecured public
communication network, or whether made face to face in a shop or the like, that allows
the use of secret information to authorize the transaction, without handing over any
secret information to the other party to the transaction or for that matter to
eavesdroppers on the public communication network.

It has been proposed to provide each cardholder, or group of cardholders, with an
electronic card reader that is portable and can be plugged in to the relevant
communications network. The transaction card is entered into a receiving port and the
card reader has a keyboard and screen so that the user PIN associated with the card can
be entered. The card reader then encodes the PIN and sends the encoded PIN together
with details of the transaction to a server associated with the provider of the card, who
authorizes the transaction. The card reader is a small, waferlike device, of about the
thickness of three of the transaction cards and contains a central processor and memory
as well as a connector for connecting the device to a communications network.

In an improvement of the above proposal the card reader is issued with a serial
number. The serial number is transmitted with the transaction information and part of
the authorization procedure involves matching up the card reader with the card. If the
card is authorized to be used with that reader then the transaction is allowed and if not
then the transaction is not authorized.

Thus the serial number of the reader is used for identification purposes. However
the only secret information that is used in the authorization process is the PIN associated
with the card. This number must be kept short because it has to be memorized by the
user, usually four digits is the maximum length, and therefore the total amount of secret
information that is used to establish the transaction is not that great. Furthermore, no
secure system is used to establish the identity of the card reader.

A recent development in the use of transaction cards is the EP protocol for
electronic money. A secure file is 'minted' as the electronic coin and is loaded onto the
card. The coin is used in transactions involving the card and the card holder would wish
to be able to use his coins securely without having to impart his secret information to
equipment belonging to the other party to the transaction. The protocols involving
electronic money require considerable processing power and therefore a card reader at
least of the type described above is needed. Furthermore a means is needed to allow the
card holder to manage his electronic money as electronic coins cannot be removed from
a wallet and counted.

Summary of the Invention
An object of the present invention is to provide a system by which both the card
and reader can be separately identified, and in respect of which [illegible] has
stored therein sufficient information to carry out the identification itself.

It is a further object of the present invention to ensure that secret information
placed on an insecure public communications network to enable the above mentioned
identification operation cannot be decrypted to allow discovery of the secret information
with any significant de[illegible]

It is yet a further object of the present invention to provide a system by which the
total amount of secret information involved in the identification procedure exceeds the
length of a password or PIN that the cardholder can reasonably be expected to
remember.

Various embodiments of the present invention [illegible] more of the above
objects.

According to a first aspect of the present Invention there is provided a system for 
identifying users, having user-end apparatus and provider end apparatus. 

Each user-end apparatus comprises a first part having a public key and a secret key
and a second part having a public key and a secret key, an encrypter for encrypting said
two secret keys together using a one-way function, and an output for transmitting said
public keys, said encrypted secret keys and other data.

The provider end apparatus comprises two separately located databases, one
matching public and secret keys of first parts of said user-end apparatus and the second
matching public and secret keys of second parts, a selector at each database to select
secret keys corresponding to the public keys of each part, an encrypter for encrypting
secret keys found on said data bases, a comparator to compare the result of the
encryption at the provider end apparatus with the result of the encryption produced at
the user-end apparatus, and an output for signaling the result of the comparison to
indicate whether the user has been successfully identified.

In an embodiment the provider end apparatus has a third database matching public
keys of said first and second parts of said user end apparatus, and wherein said third
database is operated by control electronics to inhibit successful identification of said user
unless said third database indicates a match between said two public keys.

The comparator is preferably located together with one of said separately located
databases, and said secret key selected at the other of said separately located databases is
sent to said comparator via a secure communication means.

The first part of said user-end apparatus may be any of a smart card and a
magnetic strip card, and said second part of said user-end apparatus may be a portable
card reader assigned to a user.

The secret key of said first part of said user-end apparatus is preferably not
recorded on said first part. Rather it is a secret pin number memorised by the user.

The secret key of said second part of said user end apparatus may be variable in
accordance with a variation procedure. In such an embodiment the variation procedure
is preferably not recorded on said second part.

In order to form an authentication signature the encrypters may be operable to
encrypt said secret key of said first part, said secret key of said second part and perhaps
also a time varying element. Other elements may be optionally included.

The encryption may be carried out using a one-way hashing function.

The user end apparatus may be connected to a transaction target, and said
transaction target is adapted to receive from said user end apparatus one or more of the
public keys, transaction data and said encrypted [illegible] at least
the same to said provider end apparatus via a public communication network, and to
receive said acknowledgment output from said provider end apparatus. The transaction
target may add its own identification data, either secret or public, for verifying by the
provider end apparatus.

According to a second aspect of the present invention there is provided a method
of identifying a user comprising

supplying a user with a first identification part having a public and a secret key and a
second identification part having a public and a secret key,

encrypting together said secret key of said first part and said secret key of said second
part using a one-way encryption function to form a first encryption result,

transmitting said public keys and the result of said encryption step to a verification
apparatus,

transmitting said public key of said first part to a database that matches public and
secret keys of said first part and finding a corresponding secret key,

transmitting said public key of said second part to a database that matches public and
secret keys of said second part and finding a corresponding secret key,

encrypting together said secret keys obtained from said databases using said one-way
encryption function to form a second encryption result,

comparing said first and second encryption results and, if they are identical, then
indicating successful identification of said user.

Brief Description Of The Drawings
For a better understanding of the invention and to show how the same may be
carried into effect, reference will now be made, purely by way of example, to the
accompanying drawings in which,

Figure 1 shows a first embodiment of the invention, 

Figure 2 shows a part of figure [illegible],

Figure 3 shows a second embodiment of the invention,

Figure 4 shows a third embodiment of the invention, and

Figure 5 shows a fourth embodiment of the present invention.

Description Of The Preferred Embodiments
Figure 1 shows a first embodiment of the invention. A card 10 is provided to the
user and may preferably be a smart card or a magnetic card and may contain
identification data A. Identification data A is stored on the card, either in an electronic
memory or on the magnetic strip. This data is not regarded as especially secure as it can
be read by a card reader. Associated with the card is a user secret number or pin number
Pc which is not recorded on the card and is known only to the user and to the provider of
the card.

The user is also provided with a card reader 12. The card reader 12 is preferably a
small portable device unique to the user. An example of the device 12 is shown in
greater detail in figure 2 and comprises card reader apparatus 30, a small keyboard 32, a
small LCD screen 34, a memory 36, some signal processing ability 38 and an output port
40. A power supply 40 may preferably be a battery, and recharging means may be
included. All of these may be controlled by a processor 44. The card reader apparatus
30 may preferably include a reader for a magnetic strip and a reader for a smart card.
The output means may simply be a tone generator that generates DTMF tones in
accordance with numbers to be sent, and may thus work by placing the device next to the
telephone speaker in order to effect transmission. In other embodiments the output
means may be a generator of digital signals for use in an internet connection. The output
may also be designed to be connected directly to transaction equipment 13 belonging to
a vendor.

The output is connected to a secret data memory 46 and the memory 36 only via
the processor 44 which carries out the encryption, so that there is no possibility of secret
information being sent out unencrypted from the card reader apparatus. The purpose of
the card reader is to enable the user to use secret data to validate a transaction made
through apparatus such as transaction equipment 13 in the possession of a third party,
without at the same time handing over the secret data to the third party.

The card reader may have identification data B and may also have a secret number
Pw which is stored inside the machine and is known only to the issuer of the card reader.
Identification data B may be stored in the machine 12 or may be a password typed in by
the user. The card reader 12 is designed to be connected via output port 40, to a
communications network such as the public telephone network or the internet or, as
shown in figure 4, directly to transaction apparatus of a third party. Neither the
transaction apparatus nor the communications network can be regarded as secure and
therefore any sensitive data to be transferred must be encrypted. The card reader 12 is
therefore able to encrypt data using a one way function. In a preferred embodiment the
one way function is a hashing function. A hashing function is a function that is many to
one, that is to say more than one input can lead to a given output. Hence the function is
one way, that is to say there is no inverse function that will allow the input to be derived
unambiguously from the output. In an embodiment [illegible]
known as MD5 is used.

In order to carry out a transaction using the card and the reader, all that is
necessary is for the user to insert the card 10 into the reader 12 and type in the pin
number, as well as any relevant details of the transaction. The reader 12 is connected via
the output port 40, and it calculates the hashing product of say the pin code Pc and the
secret number of the reader Pw, as well as of a third component that varies over time, for
example the output of clock 46. A time varying component is preferred so that the
eavesdropper cannot simply copy the encrypted message and make it appear that he has
access to the secret numbers when he does not.

The result of the hashing operation is sent as an authentication signature. The
remainder of the details of the transaction, including identification data of the card A and
of the reader B, are sent unencrypted. Alternatively they are sent encrypted using a
scheme that allows their decryption at the far end, for example a DES (data encryption
standard) scheme.

The entire transmission relating to the transaction is preferably received by an IAS
client 13, which is a computerised transaction apparatus belonging to the other party to
the transaction. The client validates certain details of the transaction such as value and
time, perhaps compares the username with a private list of bad debtors or the like, and
then adds its own ID code C to the transaction transmission. The transmission is then
sent via a communication network 14 to an IAS (Identification and Authorization
Server) 16. The communication network may, for example, be the public telephone
network or the Internet.

The server first identifies the IAS client using the identification data C. Then
it identifies at least enough information from the unencrypted part of the data to select
appropriate destinations to pass on the information. That is to say it determines who the
card provider is and who has provided the card reader. The authentication signature is thus
directed to a server 20 which belongs to the provider of the card. This transmission may
be made over an insecure data connection.

The server 20 sends on the reader public number B to a server 18 belonging to the
appropriate provider of card readers. The server 18 is able to identify which card reader
12 is involved in the transaction from the identification data B. It is therefore able to
supply the secret number of the card reader Pw. The authentication signature plus Pw
are sent over a secure communication link 22 to the server 20. The card provider knows
from the card identification data A which card is being used and is therefore able to
provide the corresponding pin or secret number Pc. The time of the transaction is known
because it is approximately the same as that of a clock at the server 20. Alternatively the
time may be transmitted unencoded as well as within the signature. The card server thus
has all of the components that went into the signature and it repeats the hashing function
with the components it has obtained independently. If this produces the same result as
the signature, and provided that the card is authorized for use with that same card reader,
then the transaction is authorized and a signal to this effect is transmitted to the IAS
server 16.

The transaction may now be completed by signalling authorisation of the
transaction to the IAS client. The secret number of the card reader Pw is not stored in
the server 20 once the authorization is completed. For the short period until the
verification is completed it is preferably stored only in volatile memory as part of a data
structure that is protected from being copied by the operating system into non-volatile
memory even as a temporary swap file. Thus no single server has the ability to
authenticate the signature and there is no single server that can be tapped illegally to
obtain enough information to forge a signature. Furthermore even the tapping of secure
communication link 22 would not enable the user to obtain enough information to forge
a signature.
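
The verification flow of Figure 1 described above, written out as an added example that is not part of the original specification. SHA-256 stands in for the MD5 hashing function named in the text; the record values, the 120-second clock tolerance, the length-prefixed field encoding and all function names are assumptions made for the example.

```python
import hashlib
import hmac

MAX_SKEW_SECONDS = 120  # assumed tolerance; the text only says "approximately the same"

# Constructed sample records. Each dict stands for a database held by a different party.
CARD_DB = {"A-1001": "4821", "A-1002": "7310"}             # server 20: A -> Pc
READER_DB = {                                              # server 18: B -> Pw
    "B-7001": bytes.fromhex("9f3c5a7e11d04b8896aa21c4e7f05b32"),
    "B-7002": bytes.fromhex("0b6de2f4a9c1473d85e6f7a8192b3c4d"),
}
PAIRING_DB = {("A-1001", "B-7001"), ("A-1002", "B-7002")}  # third database: allowed (A, B)


def signature(pc: str, pw: bytes, timestamp: int) -> str:
    """One-way hash over Pc, Pw and the time-varying element."""
    h = hashlib.sha256()
    for field in (pc.encode(), pw, str(timestamp).encode()):
        # Length-prefix each field so ("12", "3") and ("1", "23") hash differently.
        h.update(len(field).to_bytes(2, "big"))
        h.update(field)
    return h.hexdigest()


def reader_transmit(card_a, reader_b, pin, pw, timestamp):
    """Card reader 12: only A, B, the time and the signature leave the device."""
    return {"A": card_a, "B": reader_b, "time": timestamp,
            "sig": signature(pin, pw, timestamp)}


def reader_server_lookup(reader_b):
    """Server 18: select Pw for public number B (passed on over secure link 22)."""
    return READER_DB.get(reader_b)


def card_server_verify(msg, pw, now):
    """Server 20: select Pc for A, repeat the hash, compare with the signature."""
    pc = CARD_DB.get(msg["A"])
    if pc is None or pw is None:
        return "unknown-id"
    if abs(now - msg["time"]) > MAX_SKEW_SECONDS:
        return "stale"  # an old transmission presented again
    expected = signature(pc, pw, msg["time"])
    # Constant-time comparison of the two hash results.
    if hmac.compare_digest(expected, msg["sig"]):
        return "authorized"
    return "bad-signature"


def authorize(msg, now):
    """IAS server 16: pairing check, then route to the two provider servers."""
    if (msg["A"], msg["B"]) not in PAIRING_DB:
        return "unpaired"
    pw = reader_server_lookup(msg["B"])  # held only for the duration of this call
    return card_server_verify(msg, pw, now)


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed transaction time
    msg = reader_transmit("A-1001", "B-7001", "4821", READER_DB["B-7001"], t0)
    print(authorize(msg, t0 + 5))                            # genuine transaction
    print(authorize(msg, t0 + 3600))                         # same message an hour later
    print(authorize(dict(msg, time=t0 + 3600), t0 + 3600))   # same signature, time rewritten
```

Because the time is hashed into the signature, rewriting the unencoded time field on a copied message fails the comparison, and leaving it unchanged fails the freshness check.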

It will be appreciated by the person skilled in the art that either of the two servers
18 and 20 may carry out the authentication procedure, that is to say, either the card
provider's server or the reader provider's server may be sent the authentication
signature, and carry out the authentication check. In a further variation the server that is
not provided with the authentication signature may be provided directly with its
respective public key from the IAS server 16 without the mediation of the other
server.

Figure 3 is a preferred embodiment operative in accordance with the present
invention. In a transaction involving electronic money, the recipient may not have an
IAS client. In these circumstances the tasks of the IAS client are carried out in
association with the IAS server 16.

In an alternative embodiment the need to send a secret number over a secured
network is avoided. As before, the encryption product and the public numbers are
received at the IAS server. The public numbers are sent to their respective servers with
the encryption product. The corresponding secret numbers are found at server 18
and 20 and are separately encrypted at each server. Then the secured link 20 is used to
send the encrypted version of one of the numbers to the other server which is then able
to complete the identification as before, but without at any time having held the other
secret number. The only additional requirement for this alternative embodiment is that
the one-way function is commutative.
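
One function with the commutative property this alternative embodiment requires is modular exponentiation. The following is an added example, not part of the original specification; the choice of function, the modulus P, the base G, the sample secrets and all names are assumptions, and the parameters are chosen for illustration rather than as a vetted group.

```python
import hashlib

# Assumed parameters for illustration: a well-known prime modulus and base 2.
P = 2**255 - 19
G = 2


def exponent(secret: bytes) -> int:
    """Map a secret number (or the time) to a large exponent."""
    return int.from_bytes(hashlib.sha256(secret).digest(), "big")


def reader_signature(pc: bytes, pw: bytes, timestamp: int) -> int:
    """Card reader: G^(e(Pc) * e(Pw) * e(t)) mod P, computed with both secrets."""
    e = exponent(pc) * exponent(pw) * exponent(str(timestamp).encode())
    return pow(G, e, P)


def server18_encrypt(pw: bytes) -> int:
    """Reader provider: encrypt Pw on its own; only this value crosses the link."""
    return pow(G, exponent(pw), P)


def server20_complete(encrypted_pw: int, pc: bytes, timestamp: int) -> int:
    """Card provider: apply its own secret and the time to the value it received."""
    return pow(encrypted_pw, exponent(pc) * exponent(str(timestamp).encode()), P)


def identify(sig: int, encrypted_pw: int, pc: bytes, timestamp: int) -> bool:
    """Comparator at server 20: it never holds Pw itself, only G^e(Pw) mod P."""
    return server20_complete(encrypted_pw, pc, timestamp) == sig


if __name__ == "__main__":
    pc = b"4821"                                            # constructed PIN
    pw = bytes.fromhex("9f3c5a7e11d04b8896aa21c4e7f05b32")  # constructed reader secret
    t = 1_700_000_000                                       # constructed time
    sig = reader_signature(pc, pw, t)
    print(identify(sig, server18_encrypt(pw), pc, t))
    print(identify(sig, server18_encrypt(pw), b"0000", t))
```

The two results agree because exponents multiply in either order, which is the commutativity the text asks for.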

The card reader secret number Pw is preferably stored within the card reader as part
of a secret data memory 46. The connections to the secret data memory 46 are such that
there is no readout operation that enables the secret number to be accessed. That is to
say it cannot be read out except via the circuits for the encrypting function. The secret
data memory 46 is positioned within the card reader 12 in such a position that access is
difficult and it is designed to wipe the information in the event of a direct attempt to
access the data.

The secret number of the card reader could be a fixed code of fixed length. Its
length is not restricted by the need for a user to be able to remember it as it is stored in
the reader. Alternatively the length of the key could be varied in some way. For
example the secret data memory 46 may store a matrix of information and use different
parts of this matrix at different times in accordance with a predetermined algorithm.
Thus the length and the content of the secret number may be changed as desired. This
has the added advantage that there is no single part of the card reader that can be hacked
to obtain the secret number. The algorithm for varying the number need not be stored
anywhere within the card reader.

As a further alternative one of the secret numbers could be a number constructed in
accordance with the recognition of the fingerprint of the user or some other invariant
personal authentication means.

Instead of an output port that [illegible] the card reader
and the terminal of the communication network, it is possible to make an output port that
sends infra-red signals, the terminal of the communication network being operative to
detect these signals and convert them into a form suitable for sending down the network.

In a more elaborate version, the card reader may produce two sets of
authentication signatures, each based on different sets of public and secret information.
For example the card may have two public numbers A and A', and the card reader may
likewise have two sets of such numbers B and B' as well as two secret numbers Pw and
Pw'. Each of the signatures may then be sent for authentication to different pairs of
servers respectively.

The card itself is essentially a data device, indeed a smart card can store
many kilobytes of data. Thus the card reader, [illegible] fact not just a reader but a
writer as well, can incorporate considera[illegible] abilities. It can be used to
store databases on the card, as well as programs, and can be used to call programs from
the card and run them. The keyboard 32 is available to the user to write directly to the
card, allowing it to serve as a notebook, diary [illegible] book as well as a credit card.
The credit card reader 12 is also able to support the protocols necessary for EP standard
electronic money and therefore the combination of card and reader serve as an electronic
wallet.

As mentioned above, the secret numbers may be encrypted together with the time,
which is generated in the clock 46 of the reader. Preferably the time used is GMT or
some other agreed standard, so that international transactions are not adversely affected.

In the embodiments described above the use of a card has been restricted to given
readers because the public numbers of the [illegible] reader are checked against a third
database that lists the cards authorized for use with each reader. Thus any abuser of the
system is obliged to hack three databases in order to obtain sufficient information to
impersonate a user successfully. The three databases are preferably located on different
machines at separate locations, belonging to different organizations and arranged to
prevent hacking.

It is possible to configure the system such that only transactions above a certain
amount are restricted to a given reader/card combination and this is a way of striking a
balance between convenience and security. As an additional level of security the reader
may require a user-entered password, in addition to the PIN of the card, and may lock
up, that is to say may cease to operate, after a given number of unsuccessful attempts to
enter the password. Unlocking of the card is an operation that can only be carried out by
an authorized maintenance center. It may depend on a further pin number, or any one of
a range of alternative schemes well known to the skilled man.

Figure 4 is a simplified embodiment of the invention. In figure 4, parts that are the
same as those shown in figure 1 or figure 3 are given identical reference numerals. In
this figure neither a separate IAS client nor a

The card reader 12 has an encrypter 50 and the output 40 has the ability to route
the transmission, including the encrypted portion thereof, directly to the two servers 18
and 20 that hold the databases of public against secret numbers. Each of the servers has
a selector 52 which selects the appropriate secret number for the received public
number. In one of the servers 18 the secret number selected is sent via secure
connection 22 to the other server 20 where it is placed in an encrypter 54. Encrypter 54
is identical in operation to that 50 in card reader 12. The secret number selected by
selector 52 in server 20 is likewise placed in encrypter 54, and an encryption operation is
carried out on the two secret numbers plus the same time varying element, for example
the time, that is indicated as the time of the transaction by the unencoded information
sent by the card reader.

The result of the encryption is passed to a comparator 56 where it is compared
with the encoded information received directly from the card reader. If they are the same
then a transaction authorization signal is sent out, via output 58, to the public network.
In a variation the secret number that is sent from server 18 to server 20 is sent encrypted
for additional security, although in this case the encryption operation used is a reversible
encryption operation as it is necessary to extract the secret number at server 20.

Figure 5 shows an embodiment of the invention for use in telephone based ordering
or for orders made over the internet, and in which the order is received by the vendor
using electronic means. A card reader with card inserted 60 is connected either directly
to a telephone 62 or to an infra-red link terminal 64 or to a PC 66, which has itself been
connected to the vendor 70 through the telephone network or the internet or like
unsecured public network, 68. Vendor processing apparatus 72 sets up the transaction
with the user, and, as the transaction is [illegible] processing apparatus
requests authentication from the purchaser. The purchaser types in his secret number Pc
as before and the card reader/card combination sends an authentication signature.

The vendor processing apparatus [illegible] transmission but is unable to
discover the purchaser's secret keys. The authentication signature is passed, together
with identification data of the vendor 70, back to the public network 68 and thence to the
IAS server 16 where it is processed as described previously. Thus the identity of a
purchaser can be authenticated through the [illegible] processing apparatus without the
vendor being able to discover any secret information of the purchaser.

It will be appreciated that in each of the above embodiments one or other of the
secret numbers Pc and Pw could be assigned a zero value. The system is operated in
exactly the same way and may be used to provide independent identification for either
the card or the reader.

In a further embodiment of the invention it is possible to encode the public number
of the card. This is desirable in order to keep the public number from the vendor. At the
present time it is possible to use credit cards solely on the strength of the public number,
for example in telephone ordering. Because the public number has to be known in order
to identify the signature a two-way encryption algorithm has to be used. The encryption
of the public number is carried out using the reader, which contains an encryption key
that can be used for a two-way encryption algorithm such as DES. The public number
is decrypted by the IAS server 16, which now has all the information it needs to route the
signature to the servers of the correct providers.

It is appreciated that the various features of the invention which are, for clarity,
described in the contexts of separate embodiments may also be provided in combination
in a single embodiment. Conversely, various features of the invention which are, for
brevity, described in the context of a single embodiment may also be provided separately
or in any suitable subcombination.

Claims

1. A system for identifying users, comprising user-end apparatus and provider end
apparatus;

wherein each user-end apparatus comprises a first part having a public number and a
secret number and a second part having a public number and a secret number, an
encrypter for encrypting said two secret numbers together using a one-way function, and
an output for transmitting said public numbers, said encrypted secret numbers and other
data;

wherein the provider end apparatus comprises two separately located databases, one
matching public and secret numbers of first parts of said user-end apparatus and the
second matching public and secret numbers of second parts, a selector at each database
to select secret numbers corresponding to the public numbers of each part, an encrypter
for encrypting secret numbers found on said data bases, a comparator to compare the
result of the encryption at the provider end apparatus with the result of the encryption
produced at the user-end apparatus, and an output for signaling the result of the
comparison to indicate whether the user has been successfully identified.

2. A system according to claim 1 wherein said provider end apparatus has a third 
database matching public numbers of said first and second parts of said user end 
apparatus, and wherein said third database is operated by control electronics to inhibit 
successful identification of said user unless said third database indicates a match between 
said two public numbers.

3. A system according to claim 1 wherein said comparator is located together with one 
of said separately located databases, and said secret number selected at the other of said 
separately located databases is sent to said comparator via a secure communication 
means. 

4. A system according to claim 1 wherein said first part of said user-end apparatus is one 
of a group comprising a smart card and a magnetic strip card, and said second part of 
said user-end apparatus is a portable card reader assigned to a user. 

5. A system according to claim 4 wherein said secret number of said first part of said
user-end apparatus is not recorded on said first part.

6. A system according to claim 4 wherein said secret number of said second part of said
user end apparatus is variable in accordance with a variation procedure.

7. A system according to claim 6 wherein said variation procedure is not recorded on
said second part.

8. A system according to claim 1 wherein said encrypters are operable to encrypt said
secret number of said first part, said secret number of said second part and a time varying
element.

9. A system according to claim 1 wherein said encrypters are operable to encrypt using a
one-way hashing function.

10. A system according to claim 1 wherein said user end apparatus is connected to a
transaction target, and said transaction target is adapted to receive from said user end
apparatus at least one of a group comprising said public numbers, transaction data and
said encrypted secret numbers, and to relay said at least one of said group to said
provider end apparatus via a public communication network, and to receive said
acknowledgment output from said provider end apparatus.

11. A system according to any preceding claim wherein said public number of said first
part is encrypted prior to transmission using a two-way encryption function.

12. A method of identifying a user comprising 

supplying a user with a first identification part having a public and a secret number 
and a second identification part having a public and a secret number, 

encrypting together said secret number of said first part and said secret number of said
second part using a one-way encryption function to form a first encryption result,

transmitting said public numbers and the result of said encryption step to a verification
apparatus,

transmitting said public number of said first part to a database that matches public and 
secret numbers of said first part and finding a corresponding secret number, 

transmitting said public number of said second part to a database that matches public 
and secret numbers of said second part and finding a corresponding secret number, 

encrypting together said secret numbers obtained from said databases using said
one-way encryption function to form a second encryption result,

comparing said first and second encryption results and, if they are identical, then
indicating successful identification of said user.